As part of Penn’s Identity & Access Management (IAM) Program, major improvements to the PennKey password reset process were implemented on November 15, 2022. PennKey Self-Service Password Reset (SSPR) dramatically improves user experience with a modern, secure, easy-to-use reset application for forgotten passwords, and should also significantly reduce the number of password help requests for Service Desks. See below for information on the SSPR project.
Who Is Affected?
All current PennKey users and administrators who provide PennKey assistance are affected by the process changes.
What Changed?
- The old Challenge-Response PennKey password reset process was replaced with a new application called “PennKey Self-Service Password Reset” (SSPR).
- The new SSPR application allows users to reset their own PennKey passwords if forgotten – using only a pre-registered personal (non-Penn) email address and cell phone number.
- On October 4, enrollment opened for current PennKey users to pre-register their preferred personal contact information (see "Enroll" tab).
- On October 18, an intercept screen began to appear at PennKey login asking users to enroll in SSPR with a link to enroll. This screen only appears to unenrolled users and only once a day, the first time a user attempts PennKey authentication. PennKey login will proceed in 20 seconds or users can click a link to continue immediately. After users enroll in SSPR, they will no longer receive this prompt.
- On November 15, SSPR went live, and those who enrolled are able to use the application to send a code to their registered personal email to reset a forgotten password at any time. After completing the reset, a notification message is sent to both the user’s registered personal email and cell phone (both are required to use SSPR).
- Those who choose not to enroll will continue to contact their LSPs or Service Desks if they need to reset forgotten PennKey passwords.
Note: Users’ registered personal emails and cell phone numbers are not shared by SSPR with other University systems or used for any purpose other than password reset. Both are required to meet the security standards published by the National Institute of Standards and Technology (NIST).
UPHS PennKey users: SSPR is optional for UPHS PennKey users. UPHS PennKey users are welcome to register for SSPR for their convenience, or may continue to use the existing UPHS PennKey Password Reset Application.
Non-Persistent PennKey users (users with PennKeys starting with “g” followed by seven digits): These users are not eligible to enroll in SSPR and will continue to contact their LSPs for assistance.
Before using SSPR, you must enroll and register your preferred personal contact information – a (non-Penn) email address and cell phone number (both are required to use SSPR).
To Enroll in SSPR: https://accounts.pennkey.upenn.edu/pwm/private/updateprofile
Those who choose not to enroll in SSPR will continue to contact their LSPs or Service Desks if they need to reset forgotten PennKey passwords.
Note: Use of password managers and other browser extensions may cause errors with PennKey Self-Service. If you encounter an error, try again with a different browser.
User Help & Resources
- SSPR Enrollment Instructions
- Contact your IT Support Staff or PennKey Support
Before using the app, you must have previously enrolled in SSPR and registered your preferred personal contact information (see "Enroll" tab). Once enrolled, you can use SSPR to send a code to your registered personal email to quickly reset a forgotten password at any time. After completing the reset, a notification message will be sent to both your registered personal email and cell phone (both are required to use SSPR).
To Reset PennKey Password Using SSPR: https://accounts.pennkey.upenn.edu/pwm/public/forgottenpassword
Note: Those who choose not to enroll in SSPR will continue to contact their LSPs or Service Desks if they need to reset forgotten PennKey passwords.
User Help & Resources
The following help docs are available for users and support providers:
- SSPR Enrollment Instructions (users)
- How to Reset Forgotten PennKey Password Using SSPR (users)
- SSPR End-User Support (support providers)
- Identity Proofing Guidance for PennKey Administrators (support providers)
- SSPR Information Sessions PPT (support providers)
Additional Information
- The SSPR intercept screen will continue to appear going forward to unenrolled users at PennKey login asking them to enroll. This screen will only appear once a day, the first time an unenrolled user attempts PennKey authentication. PennKey login will proceed in 20 seconds or users can click a link to continue immediately. After users enroll in SSPR, they will no longer receive this prompt.
- Enrollment for SSPR will be ongoing – new PennKey holders will receive the SSPR intercept screen at first PennKey login asking them to enroll in SSPR.
- UPHS PennKey users: SSPR is optional for UPHS PennKey users. UPHS PennKey users are welcome to register for SSPR for their convenience, or may continue to use the existing UPHS PennKey Password Reset Application.
- Non-Persistent PennKey users (users with PennKeys starting with “g” followed by seven digits): These users are not eligible to enroll in SSPR and will continue to contact their LSPs for assistance.
- Note: Use of password managers and other browser extensions may cause errors with PennKey Self-Service. If users encounter an error, have them try again with a different browser.
Support Provider Help
- For issues, support providers may contact ISC Client Care.
- Information sessions for support providers were held before SSPR go-live, and included an overivew of SSPR, the SSPR screen flow, help instructions, and ID proofing guidance (see PowerPoint deck from sessions). Recordings of the sessions are available (must be a PennO365 user to view):
- Help docs for both users and support providers are available (see "Documentation" tab).